Monday, May 27, 2013

Background

Online Website Malware Scanner has identified malicious JavaScript code injection in the scanned website. Such malicious obfuscated JavaScript code is used to build malicious iframe invisible to the website user and which downloads content from remote malware distributor.

This infected website runs on Apache and hosts suspicious JavaScript code injected in 1 file. As discussed in other posts about malicious iframes generation, the attack flow is very similar and contains multiple levels of obfuscation to overcome the detection mechanisms.

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Thursday, May 23, 2013

Website redirects browser

Background

Online Website Malware Scanner has identified malicious JavaScript code injection in the scanned website. Such malicious obfuscated JavaScript code is used to build malicious iframe invisible to the website user and which downloads content from remote malware distributor.

This infected website hosts suspicious JavaScript code injected in 33 files. As discussed in other posts about malicious iframes generation, the attack flow is very similar and contains multiple levels of obfuscation to overcome the detection mechanisms. This particular threat resembles RedKit exploit kit and it generates iframes to http://alicebangkokescorts.com/womd.html\?i=898055 which in turn loads malicious images into the web browser.

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Monday, May 13, 2013

Background

Online Website Malware Scanner has identified malicious JavaScript libraries on the scanned website. It looks like the remote and now blacklisted www.omatanet.net was hacked and infected with exploits so that later to be used as intermediate server for malware distribution.

These libraries are injecting hidden iframe connecting visitor to malware distributor. This infected website hosts suspicious JavaScript code injected in 13 files. As discussed in other posts about malicious iframes generation, the attack flow is very similar and contains multiple levels of obfuscation to overcome the detection mechanisms.

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).